General
-
Target
K&T MANAGEMENT SERVICES.exe
-
Size
568KB
-
Sample
230118-j5gghshd9z
-
MD5
246b9f387bb69263213149dca28a0062
-
SHA1
3c4b19e509327122e5246450a87087a4e50f631f
-
SHA256
e7b140fee83be7cd429e9a7458b0fe6a67615b3e2877998f41803f48e63362f3
-
SHA512
4563dc4646c760f31063269605fa9f733f7529eed4701eacc0d5fab1cb49604040cbfb68d77152b14dea99658d4a314b243c548f0264144d60ad292a75db547c
-
SSDEEP
6144:2Q606xp2KCydMiN9JZtjKJiqQlvspzScVTZj8Sg5phROxfpF9mpt0+wLH701k8vI:c2KCyjNbZwJP8vPcVMHhRm9GtXMQk8Hg
Static task
static1
Behavioral task
behavioral1
Sample
K&T MANAGEMENT SERVICES.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
K&T MANAGEMENT SERVICES.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
K&T MANAGEMENT SERVICES.exe
Score
10/10
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-